On Thursday, November 29th, between 21:00-22:00 UTC (1-2pm PST)
Wikimedia Foundation will release security updates for current and
supported branches of the MediaWiki software. We are providing this
pre-announcement as a courtesy for administrators to be ready to
accept the fix for these on Thursday. We will send another
announcement email when the patches and tar files are ready for
download.
* Vulnerabilities were found in both MediaWiki core and the
CentralAuth extension. Successful exploitation could allow an attacker
to compromise another user's account. Risk is considered moderate
(CVSS Base Score: 4).
* One vulnerability was discovered that could allow an attacker to
prevent users from viewing Special:RecentChanges, and other pages,
which could prevent the detection of SPAM or vandalism. Public wikis
are encouraged to upgrade.
* A flaw in the MediaWiki 1.20 API could allow a stored XSS.
Exploitation requires user interaction or an existing XSS
vulnerability, so risk of exploitation is low.
For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm happy to announce the availability of the first stable release
of the new MediaWiki 1.20 release series.
MediaWiki 1.20 is a large release that contains many new features and
bug fixes. This is a summary of the major changes of interest to users.
You can consult the RELEASE-NOTES-1.20 file for the full list of changes
in this version.
Our thanks go to everyone who helped to improve MediaWiki by testing
the beta release and submitting bug reports.
== What's new? ==
MediaWiki 1.20 brings the usual host of various bugfixes and new features.
* Minimum PHP version is now 5.3.2.
* New diff view, greatly improved in clarity especially for
whitespace and other small changes and color-blind users.
* New special page Special:MostInterwikis.
* New magic word {{PAGEID}} which gives the current page ID.
* The info action has been reimplemented.
Internationalization:
* New languages supported: Emilian (egl), Tornedalen Finnish (fit),
Mizo (lus), Santali (sat), Turoyo (tru)
* New Cyrillic-Latin language converter for Uzbek (uz)
== What's next? ==
=== Next Release ===
Since the Wikimedia Foundation has successfully switched to a biweekly
release cycle for their sites, making releases of MediaWiki available
on a more regular basis makes sense. As of this release, we plan to
release a new version of MediaWiki every six months. This means that
version 1.21 of MediaWiki will be released in April or May 2013.
=== Long Term Support ===
We're working closely with Linux distributors to make sure that the
MediaWiki bundled in Linux is something that we feel more comfortable
supporting. In this vein, MediaWiki 1.19 is being targeted for "long
term support". Since Debian (the Linux distribution with the longest
release cycle) has a two year cycle between each freeze and we've
gotten MediaWiki 1.19 into Wheezy, we'll support MW 1.19 for the next
two years. (Thank you especially to MediaWiki developer Platonides
for his help in working with the Debian developers.)
Full release notes:
https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=RELEASE…https://www.mediawiki.org/wiki/Release_notes/1.20
Frequently asked questions about upgrading:
http://www.mediawiki.org/wiki/Manual:FAQ#Upgrading
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.0.tar.gz
GPG signatures:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.0.tar.gz.sig
Public keys:
https://secure.wikimedia.org/keys.html
- --
http://hexmode.com/
Any time you have "one overriding idea", and push your idea as a
superior ideology, you're going to be wrong. ... The fact is,
reality is complicated -- Linus Torvalds <http://hexm.de/mc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iD8DBQFQmbfgc17xCi38v/URAmLmAJ9n8ayLP+g1bo2Gv7zcvcI0Nw8W0QCdEaAR
s615i/Ft76+xuMWgJ+73P+4=
=DLfb
-----END PGP SIGNATURE-----